Training courses 2014 - Chartered Institute of Internal Auditors
Transcription
Training courses 2014 - Chartered Institute of Internal Auditors
www.iia.org.uk/courses Training courses 2014 IIA Certificate in Internal Audit and Business Risk | Professional development and practice Strategy and leadership | Risk and audit | Auditing specialist topics | IT audit Welcome At the IIA we’re committed to helping our members fulfil their career potential and within these pages you will find courses designed to suit all levels of ability from new entrants to heads of internal audit. Our continually expanding portfolio has been designed with the aim of helping individuals and organisations stay at the leading edge. We’ve recently introduced some exciting new courses to help you with some of the practical elements of audit work – using Visio and PowerPoint, for example. You’ll also find courses on auditing areas of the business we know members find challenging, including organisational culture, human resources, IT governance, networked systems, outsourced contracts and procurement. We look forward to welcoming you to one of our courses soon. Why choose IIA training courses? 1. A reputation for excellence As the professional body for internal auditors in UK and Ireland, nobody understands the challenges you face like we do. We know it’s a complex and fast evolving field and we also know what good internal audit looks like. 2. Industry standards All our courses are mapped to the IIA’s competency framework and based on the latest standards and best practice. That means you’ll get the relevant skills and knowledge you and your organisation need. 3. Expert tutors Our trainers are all specialists in their field. They combine academic expertise with hands-on experience in a range of sectors. They can also engage and translate theory and ideas into meaningful examples. 4. Practical and relevant Our courses focus on effective implementation, not just theory, so you’ll take away methodology and ideas you can apply to your own organisation. We constantly update our course content to reflect current thinking and best practice. Ann Cantillon Training and Development Director 5. Tailored and bespoke solutions If you’re looking for a more tailored approach to training we can work with you to customise a course for your whole team and deliver it in-house, saving you time and money (see p5). How to book Visit www.iia.org.uk/courses Questions? Call our training team on 020 7498 0101 Page 2 | Training courses for internal auditors 2014 Contents IIA competency framework 4 In-house training 5 Group savings 5 Meet the tutors 6 Risk and audit Risk based internal auditing – a practitioner’s course Assurance mapping – a practitioner’s workshop Risk based internal auditing – an audit management course Auditing enterprise-wide risk management (ERM) 30 30 31 32 IIA Certificate in Internal Audit and Business Risk Certificate overview IIA Award in compliance audit and assurance 8 9 10 11 12 13 14 15 IIA/CIPFA Award in audit and assurance in a changing environment (public sector) 16 IIA Award in corporate governance and risk management IIA/CIPFA Award in governance and risk management (public sector) IIA Award in the internal audit planning and assurance framework IIA Award in the effective delivery of audit and assurance IIA Award in interpersonal skills for audit and assurance IIA Award in information systems audit and assurance Auditing specialist topics Lean auditing – delivering added value from audit in an efficient way Auditing fraud risk – a practitioner’s action plan Value for money (VFM) / performance auditing Auditing projects, project management and project risk Auditing contracts, outsourcing and procurement Data security risks for internal audit Auditing the treasury function – a practitioner’s guide Auditing of culture Auditing the HR function 33 33 34 35 36 37 38 39 39 Strategy and leadership Heads of internal audit – induction master class Successful strategies for heads of internal audit – a master class Successful strategies for audit managers – a master class Leading the audit team The internal auditor’s guide to strategic thinking 18 19 19 20 21 IT audit Introduction to information systems auditing Auditing networked systems Advanced information systems auditing 40 41 42 Professional development and practice An introduction to internal auditing Audit report writing Ultimate persuasion techniques Techniques for effective testing A practical guide to evaluating risks and controls Keeping up with technology – better governance and control Using Visio to create process maps Process thinking for internal auditors Putting Office to better use – CAATs PowerPoint for meetings and reports 22 23 23 24 25 26 26 27 28 29 Training courses for internal auditors 2014 | Page 3 Develop your professional competencies In the complex and fast-evolving field of internal audit it’s vital that practitioners regularly refresh their knowledge and skills to keep up to date. Continuing professional development (CPD) helps IIA members aspire to the highest standards of professional practice. competency areas for effective internal auditors. There are four strands to the framework: • • • • All the training courses in this brochure are mapped to the IIA competency framework, which outlines the International Professional Practices Framework (IPPF) Knowledge areas Tools and techniques Interpersonal skills IIA competency framework Co mm uni cat ion Int e r pe rs he ot kills al s on rs Mana ging chang e Personal effectiveness ging Mana mance perfor inv Rese es ar tig ch at & ion rol ont c & ing ag an M Tools and techn iqu es IPPF s ea ar ng lvi so Page 4 | Training courses for internal auditors 2014 y alit Qu Risk & control es & ess ent c o pr gem ess ana n i s m Bu ject pro Find out more at www.iia.org.uk/cpd ation Informology techn lem ob Pr Da ta c o & a llecti nal on ysis Intern al env ironm ent Ex te rn al en vir on m en t Kno wl ed ge You’ll see references to this framework throughout the brochure to show you which competency areas are addressed by each course. In-house training Groups save money If several members of your internal audit team need training on the same subject, or you want to arrange a course tailored specifically to your organisation, then in-house training is the answer. This is a highly effective training method and has a lasting impact on individual and team performance. Booking more than one place? Save with our group discount. We can deliver all the courses in this brochure on an in-house basis. We’ll work with you to understand your business and your people, and the learning outcomes you want to achieve. Then we’ll tailor the course content to meet your needs. No. of delegates Save 2 £50 3 £150 £400 Benefits of in-house training Visit www.iia.org.uk/courses/groups If your organisation books more than one place on the same training course at the same time, we’ll discount the total cost. 4 or more 1.The course can address specific issues within your organisation 2.The whole team can feel comfortable sharing sensitive information and discussing real examples 3. It’s more convenient – you can pick a date that suits you 4.Running the course at your premises reduces staff travel time and expenses 5.We charge a standard daily rate so the cost per delegate is very cost effective Contact us Why not give us a call to talk through your requirements? Once we understand your objectives we’ll work with the tutor to put together a programme and a competitive quote. Call our training team on 020 7498 0101 Email [email protected] Visit www.iia.org.uk/courses/inhouse Training courses for internal auditors 2014 | Page 5 Meet the tutors John Chesshire Stan Dormer John has over 15 years’ experience in delivering internal audit assurance and consulting related services to a range of organisations, particularly across the public sector. Prior to joining the States of Guernsey as head of internal audit in 2010, he was a freelance consultant specialising in the delivery of internal audit, governance and risk management activity. Stan is a recognised expert in the field of governance, auditing, business and project risk and IT. He is highly regarded for innovation within his subject. Stan is the author of numerous articles and publications and was the author of the distance learning materials and revision schools supporting IIA qualifications. CFIIA CISA CFIIA Judy Fuggle Judy has been a full-time trainer since the mid-1980s. She has worked extensively within a large publishing corporation, the arts, the media, large and small financial organisations and a wide range of groups within the public and private sectors. Her areas of expertise include training course design, presentation of all aspects of management training, interpersonal skills development programmes, facilitation, mentoring and a wide menu of management consultancy services. Rosamond Goodall CMIIA Rosamond has been a facilitator for IIA qualifications and training since 2003. She has a career that spans 30 years within the financial services and healthcare industries and is currently an audit manager within the NHS. In addition to her internal audit experience she has managed a project office for a global financial services organisation. She has a supportive approach to training and facilitation to ensure delegates develop the knowledge and skills required to be successful in their careers. John particularly focuses on the provision of training and CPD, on a national and international basis, including delivery in fragile states. Stan has run master classes, keynote sessions and workshops at numerous conferences and training events around the world and was the designer of the first practical resident continuous audit monitoring. Ian Middleton James Paterson Martin Robinson Liz Sandwith Ian is a Chartered Accountant who came to have an appreciation of the value of internal audit while working as an external auditor. He discovered the IIA in 1987 when he took up his first director post in Edinburgh. Previously a finance professional, James was a head of internal audit for AstraZeneca plc for seven years. James has been training, consulting and coaching HIAs and their teams for four years and runs a number of key courses for the IIA. Martin is the training development advisor for the IIA. He develops, presents and facilitates a wide range of events, seminars and conferences. His considerable experience includes subjects such as risk management, governance, change management, ethics and culture, bribery and corruption, IT audit and audit reporting. A past IIA president, Liz has always adopted a hands-on approach undertaking the more complex internal audits, supporting and guiding members of her team, as well as facilitating IIA training. MA CA FCIIA He became a member of the IIA Scotland, ultimately being elected chairman. Ian has held a number of non-executive positions and uses his considerable experience. PIIA James was a member of the IIA council and is an active participant at risk and audit conferences and workshops in the UK and overseas. James has had numerous articles published and is currently working on an auditing book project for John Wiley & sons. Page 6 | Training courses for internal auditors 2014 CFIIA FCIS AFA Martin chairs the Fraud Advisory Panel’s fraud prevention and detection working group. He worked for 25 years in the audit and risk department of Lloyds TSB Group as head of business audit. CFIIA An expert on corporate governance, risk management, assurance, compliance and internal control Liz is currently Head of Assurance, Risk and Compliance for a major health care provider. Liz has previously worked for a major TV broadcaster where she provided the full range of internal audit services for 13 years. Dr Stephen Hill Gary Ingamells Stephen Maycock Stephen specialises in e-crime, online intelligence and data security and has over 14 years’ experience in cyber fraud, data protection and IT governance. He is a Trustee Director of the Fraud Advisory Panel and chairs the Cybercrime Working Group. A published author, he has written for several well-known publications and a book, Corporate Fraud: Prevention & Detection. Stephen has trained UK police forces’ private-sector fraud units, not-for-profit organisations, world banks and major retailers. Gary is currently an audit manager at the Department for Work and Pensions with responsibility for providing assurance over Information Management and Security. He has a degree in Business Management and also a Post Graduate Certificate in Education. Stephen is a professional trainer, writer and consultant. His broad international experience, as practitioner and consultant, spans a number of sectors, and this has provided him with some fascinating case studies which he uses to bring his training to life. MLPI CIIP CMIIA Gary achieved the Advanced Diploma in 2002 and has been a tutor for the Internal Audit Practices module ever since. He also facilitates at the Internal Audit Practices revision workshops and the IIA Award in the internal audit planning and assurance framework. CFIIA CRMA CIRM Stephen contributes to the development of internal audit though serving as an IIA elected director, participating in professional committees and contributing to international qualification development. He has also helped foreign governments with the development of internal auditing and risk management. I enjoyed the IIA course because of the way the trainers successfully mixed the theory of internal auditing with audit practice, enabling me to gain a greater understanding of the profession as a whole. Pauline Douglas Senior Internal Auditor, Department for International Development Marian Silltow CFIIA Marian has developed and delivered a range of education and training programmes for the IIA as well as authoring several study texts. She currently delivers workshops for the certificate, diploma and advanced diploma qualifications including advanced internal auditing and strategic management. Her teaching style is interactive, friendly and inclusive. Her principal focus when delivering revision workshops is to ensure that delegates achieve their individual objectives and that they attain success in the IIA assessment process by being as well prepared as possible. John Silltow John has over 30 years’ experience of information systems within the government, private and not for profit sectors. He has specific expertise in computer audit, computer security, business continuity and software management. He is the author of the P4 study text and runs courses for the IIA Certificate programme. John has authored several texts on information security and auditing both at technical as well as student level. He is also author of Auditing Business Continuity Management Plans published by the British Standards Institution. Graham Westwood FIIA Graham specialises in internal audit covering principles and organisational features as well as essential practices and techniques. Before this, he gained wide experience of both performing and managing internal audit activity in the public sector. Part of this experience was that of audit manager with Yorkshire Water. He was initially a qualified accountant but now concentrates solely on internal audit matters. Graham has been involved with IIA training, education and examinations programmes, for which he received a fellowship. Training courses for internal auditors 2014 | Page 7 IIA Certificate in Internal Audit and Business Risk The IIA Certificate is an accredited modular course combining theory and practical skills. If you’re new to internal audit or working in a related role, it will give you a thorough grounding in the practice and principles of audit, governance, risk and assurance. Studying for the IIA Certificate This programme is ideally suited to those who have been seconded into internal audit as it will help you make the most of your time in the role. You can comfortably complete the IIA Certificate in a year and there are no exams to sit. Core IIA Awards The IIA Certificate is made up of eight individual awards, each covering a key area of internal audit. Each award can also be studied individually. IIA Award in corporate governance and risk management OR 9 IIA/CIPFA Award in governance and risk management (public sector) 10 • earn the IACert designation IIA Award in the internal audit planning and assurance framework 11 • learn about the framework and processes for providing assurance on business risks Optional IIA Awards • b uild your skills and knowledge in all aspects of internal audit IIA Award in the effective delivery of audit and assurance 12 • study case studies and practical examples. IIA Award in interpersonal skills for audit and assurance 13 IIA Award in information systems audit and assurance 14 IIA Award in compliance audit and assurance 15 IIA/CIPFA Award in audit and assurance in a changing environment (public sector) 16 By studying the IIA Certificate you will: Each award comprises a 30 hour learning programme which includes a two-day training course and self-study. You will need to do some reading and set objectives before attending each course and submit a personal development log for each award. Fee £3460 +VAT plus IIA affiliate membership (see p29 about joining the IIA) You have to hold membership to study the IIA Certificate. Find out more and register at www.iia.org.uk/certificate Page 8 | Training courses for internal auditors 2014 IIA Certificate in Internal Audit and Business Risk IIA Award in corporate governance and risk management Learn about the essential characteristics of corporate governance and risk management, and the contribution they make to organisational effectiveness. This award will help you recognise the importance of assurance and its role in internal control. The key principles of risk management, internal control and risk identification and analysis will be examined closely. You’ll also learn about embedded monitoring and independent assurance. Pre-course work Who should attend? Two days • n ew entrants to internal audit who do not necessarily anticipate remaining in internal audit as their chosen career path • internal auditors and internal audit managers • r isk managers • a udit committee members • t hose who join or are seconded to the internal audit team to assist with a specific project because of their expertise in another area. Fees What will I learn? Upon completion you will be able to: • u nderstand the reasons behind the current state of play within the corporate governance arena • a ppreciate and consider current and potential future corporate governance initiatives both in the UK and overseas • a ssess the extent to which your organisation demonstrates characteristics of good and effective corporate governance • u nderstand basic principles and practices of risk management including many practical examples drawn from top UK and overseas organisations • a ppreciate the contribution that internal control makes to effective risk management and governance • u nderstand the role that internal audit might play within an organisation’s risk management and governance efforts • a ppreciate some practical tips on embedding risk management into the culture of your organisation • h ave an overview of risk-based internal auditing. You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Stephen Maycock CFIIA CRMA CIRM Graham Westwood FIIA Duration Earn the IACert designation IIA member £895 +VAT Non-member £1095 +VAT Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. Dates 12–13 February, London 16–17 April, York 23–24 July, London 3–4 September, London 27–28 November, Cardiff IIA CPD competency areas covered International professional practices framework Risk & control Course programme The following topics will be covered: • introduction to the course and participants expectations • introduction to corporate governance • characteristics of good corporate governance • introduction to risk management • risk management practices and principles • introduction to internal control • control models and frameworks • embedding risk management • internal audit and risk management • risk-based internal auditing. Book YOUR PLACE at www.iia.org.uk/courses/cgrm Training courses for internal auditors 2014 | Page 9 IIA Certificate in Internal Audit and Business Risk IIA/CIPFA Award in governance and risk management (public sector) Learn about the requirements for internal audit in the public sector. This programme addresses the specific context of providing assurance to central government departments, local authorities and other organisations to enable you to contribute to organisational effectiveness. The current regulatory and legal requirements for accountability, reporting and financial control will be closely examined. You’ll also learn about management structures and governance frameworks in which internal audit operates. Who should attend? • n ew entrants to internal audit in the public sector • practitioners who are seconded to the internal audit team in the public sector • governance and risk specialists. What will I learn? Upon completion you will be able to: • understand the legal and regulatory environment underpinning the public sector and the requirements for internal audit in the public services sector • demonstrate knowledge of recent ethical developments in the public sector, their underlying causes and impact on internal audit • clarify what governance means in the public sector and knowledge of the roles and responsibilities of those contributing towards governance including that of internal audit • identify the key stakeholders in the public sector and understand how internal audit relates and interacts with them • evaluate the effectiveness of the risk management framework in identifying and assessing key risks and the role of internal audit in this framework • understand the processes in place to provide assurance that public assets are being used wisely and appropriately. Course programme The following topics will be covered: • introduction to the course, participants expectations and the miniaction plan • insight into the range of legislation that can affect internal audit; the professional standards that govern internal auditors and their work • t he Seven Principles of Public Life; the role ethics plays in the profession of internal auditing; dealing with ethical situations in your role as an internal auditor • c orporate governance framework; differences and similarities between public and private sector governance arrangements; internal audit’s role in corporate governance • s takeholder analysis, influence and management; working with internal audit stakeholders • c oncepts of risk management; the risk management process; the role of internal audit in risk management • a ssurance framework and assurance mapping; internal audit’s role in coordinated assurance. Pre-course work You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Marian Silltow CFIIA Duration Earn the IACert designation Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. 8–9 April, London 18–19 November, York IIA CPD competency areas covered International professional practices framework Risk & control Book YOUR PLACE at www.iia.org.uk/courses/grm Page 10 | Training courses for internal auditors 2014 IIA Certificate in Internal Audit and Business Risk IIA Award in the internal audit planning and assurance framework Understand the framework within which internal controls and assurance are set. This award will examine the nature of internal control and the need for assurance. You’ll learn how internal control contributes to the success of an organisation by focusing on the risks, the suitability of the controls in place, the reliability of reporting and the level of compliance. It will help you contribute to the overall effectiveness of corporate governance and risk management. Who should attend? • n ew entrants to internal audit who do not necessarily anticipate remaining in internal audit as their chosen career path • t hose seeking an initial taster of the work of internal audit • t hose who join or are seconded to the internal audit team from another business area. What will I learn? Upon completion you will be able to: • a ppreciate the work of the internal audit function so you can begin to operate at an initial level of understanding • communicate with the internal audit team and clients, using language and technical terms, as appropriate, to the situation and requirements • contribute to the effective delivery of an audit assignment through appreciation of the planning, delivery and follow through of assignments • demonstrate an understanding of the value internal audit can add to business. Pre-course work You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Liz Sandwith CFIIA Gary Ingamells CMIIA Duration Earn the IACert designation Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. Dates 24–25 February, London 23–24 April, York 29–30 July, York 22–23 September, London 12–13 November, Cardiff IIA CPD competency areas covered International professional practices framework Business processes & project management Course programme The following topics will be covered: • purpose and role of internal audit • professional framework for internal audit • risk based audit planning • planning an audit engagement • documenting information • audit testing • audit evidence • audit documentation • reporting • follow up. Book YOUR PLACE at www.iia.org.uk/courses/paf Training courses for internal auditors 2014 | Page 11 IIA Certificate in Internal Audit and Business Risk IIA Award in the effective delivery of audit and assurance Learn how to contribute to the effective delivery of audit objectives and the improvement of the audit function. This includes effective scheduling of audit resources, working to key performance indicators, providing assurance to clients and adding value to the organisation. This award will help you to establish strong relationships with audit clients as well as provide a better understanding of your role in actively supporting and implementing change. Who should attend? • n ew entrants to internal audit who do not necessarily anticipate remaining in internal audit as their chosen career path • those seeking an initial taster of the work of internal audit • those who join or are seconded to the internal audit team to assist with a specific project because of their expertise in another area. What will I learn? Upon completion you will be able to: • determine which audit services are appropriate for your clients • manage audit assignments and resources through the use of planning tools and techniques • develop an effective audit monitoring programme • use marketing techniques to promote the audit function • work to key performance indicators that enable audit performance to be measured and evaluated • u nderstand how assurance is provided to key audit clients • o perate effectively within a team • m aximise the value delivered to audit clients. Course programme Audit services • authority for internal audit to act • assurance and consultancy engagements • challenges involved in changing from one type of audit approach to another. Managing audit resources • calculating resources for the plan • communicating your plan • c omputer assisted audit tools and techniques (CAATTs) and how to use them. Effective monitoring • m anaging the performance of the internal audit function. Marketing the audit function • m arketing internal audit services • m easuring marketing success. Key performance indicators • performance measurements • using the balanced scorecard for key performance indicators • criteria for key performance indicators. Assurance • internal audit assurance on control • providing the assurance - planning and engagements • providing the assurance - the annual assurance statement. Team working • building an effective team • characteristics of effective teams. Delivering maximum value • stakeholder views on internal audit and how it adds value • internal and external stakeholders • internal audit and value creation • evaluate audit engagements. Pre-course work You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Marian Silltow CFIIA Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Earn the IACert designation Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. Dates 12–13 February, London 11–12 March, York 3–4 June, London 16–17 September, York 21–22 October, London 2–3 December, London IIA CPD competency areas covered Personal effectiveness Managing performance Book YOUR PLACE at www.iia.org.uk/courses/edaa Page 12 | Training courses for internal auditors 2014 IIA Certificate in Internal Audit and Business Risk IIA Award in interpersonal skills for audit and assurance Most internal audit work involves dealing with other people so interpersonal skills are essential. This involves communicating with others, using the powers of persuasion to influence them, or being assertive as necessary to make a point. Negotiation and influencing skills are crucial to achieving desired goals and building strong relationships. This award will show you a range of tools, techniques and exercises to improve your interpersonal skills. It will also help you identify the areas you need to improve. Who should attend? • n ew entrants to internal audit who do not necessarily anticipate remaining in internal audit as their chosen career path • those seeking an initial taster of the work of internal audit • t hose who join or are seconded to the internal audit team from another business area. What will I learn? Upon completion you will be able to: • u nderstand the importance of developing and sustaining effective business relationships • implement the principles for effective communication, including non-verbal communication • develop and apply effective listening skills • apply effective questioning strategies for dealing with challenging situations • develop and apply influencing skills • apply negotiation skills to achieve positive outcomes • manage conflict and resolve discrepancies • develop and deliver powerful presentations. Negotiating skills • structure of negotiations • preparing for negotiations • win-win and other outcomes • golden rules of effective negotiation • developing the win-win approach to negotiations. Presentation skills • preparing for oral presentations • making a presentation and handling questions • golden rules of effective presentations • developing your presentation skills. Pre-course work You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Rosamond Goodall CMIIA Duration Earn the IACert designation Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. Dates 13–14 March, York 5–6 June, London 18–19 September, York 4–5 December, London Course programme There is a combination of role play and training activities aimed at developing your communication skills in an enjoyable and relaxed environment. The course will cover the following topics: Effective communication • c ommunication purposes, media, styles, results and process. IIA CPD competency areas covered Personal effectiveness Communication Business relationships • effective and ineffective business relationships • expectations of internal auditors. Effective monitoring • m anaging the performance of the internal audit function. Meeting and interviewing skills • t ypes of meetings and interviews • s tructure of interviews • t ypes of questions • c ommon problems when meeting or interviewing clients • e ffective questioning strategies for dealing with challenging situations • g olden rules of effective meetings and interviews. Book YOUR PLACE at www.iia.org.uk/courses/ipaa Training courses for internal auditors 2014 | Page 13 IIA Certificate in Internal Audit and Business Risk IIA Award in information systems audit and assurance Learn about the principal risks inherent in information systems (IS) and the approaches used to audit them. This award also includes an introduction to using IT as an audit tool – computer assisted auditing tools and techniques (CAATTs). This award will provide a good understanding of the role played by IS in organisations and how these systems can be managed in a way that safeguards data security and integrity. Pre-course work Who should attend? Fees • n ew entrants to internal audit who are aiming to develop an IT audit skill set • as a refresher or update for the experienced auditor or an auditor who has returned to internal audit following time in the operational side of the business • specialists who join or are seconded to internal audit who need to get up to speed quickly with contemporary IT audit practice or who wish to move into IT auditing • internal auditors who wish to extend the role of their audit function to cover IS and IT systems. What will I learn? Upon completion you will be able to: • extend your understanding of the principal IS and IT systems • explain the key concepts relating to architecture and connectivity, information systems security, disaster recovery, asset management (including hardware software and information) • understand the use of and impact of social engineering techniques for an organisation • appreciate the value to be gained from computer forensics • understand the practical implications of the above for the IT auditor. You will need to read the study text that accompanies this course and identify your personal objectives. Presented by John Silltow Duration Two days Earn the IACert designation IIA member £895 +VAT Non-member £1095 +VAT Dates Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. 25–26 February, London 17–18 June, York 14–15 October, London IIA CPD competency areas covered International professional practices framework Information technology Course programme The following topics will be covered: • governance • IT strategy and direction • management – IT job roles and key relationships • policies and monitoring • change control and patch management • architecture and connectivity • capacity planning • asset management including hardware, software and information • security – logical and physical, social engineering and forensics • back-up and recovery. Book YOUR PLACE at www.iia.org.uk/courses/isaa Page 14 | Training courses for internal auditors 2014 IIA Certificate in Internal Audit and Business Risk IIA Award in compliance audit and assurance Understand the purpose of compliance auditing and carry out such audits for a client. The award will show you how to examine and evaluate defined activities in order to measure their compliance with legal, regulatory or contractual standards. This award focuses in some detail on the methods used for testing, gathering evidence and evaluating findings and assurance. You’ll also learn about the importance of client relationships as part of the process of planning and delivering compliance audits. Who should attend? • n ew entrants to a compliance role with little or no experience of internal audit • those who join or are seconded to a compliance role who need to get up to speed quickly with the tools and techniques used • t hose who work in a compliance role in their own organisation or those who undertake compliance reviews in third party organisations, for example, audits of third party compliance with outsourced contracts • internal auditors with a remit to provide oversight or review a compliance function. What will I learn? Upon completion you will be able to: • u nderstand the compliance role in relation to the three lines of defence and in particular the differences between a compliance role and an internal audit role • e xplain the broad areas of work that a compliance role can encompass • d escribe a typical governance framework for the compliance role and explain how this can work effectively for different stakeholders • a pply appropriate techniques to the development of an annual plan of work • a ssess the most appropriate approaches for the monitoring of compliance risk • u nderstand the tools and techniques used for assessing compliance with laws, regulations, policies and procedures at the operational level • d escribe the structure and competencies required for the board and internal and external audit to be able to place reliance on the assurance provided by those in a compliance role. • g overnance structures and how they can effectively promote a positive compliance culture including the identification, assessment and monitoring of compliance risk, the effect of risk appetite, and risk maturity on the way in which compliance risk is managed • w orking with individual stakeholders including the relationship with regulatory bodies • d eveloping an annual plan of work using a risk based approach • m onitoring compliance activities – approaches to planning a compliance review and the role of continuous monitoring • t ools and techniques for testing the level of compliance to include: – t ype of testing procedures: documentation, observation, meetings/ enquiries, reconciliation/calculation, analytics – types of test: walk-through, compliance and substantive – type of controls: preventive, detective and directive • t esting programmes: writing effective audit tests using examples from a range of compliance test programmes • factors to consider when assessing the quality of evidence: sample sizes and confidence levels • writing up findings from the compliance review • c riteria by which the quality of the assurance provided by the compliance role is assessed. Pre-course work You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Marian Silltow CFIIA Duration Earn the IACert designation Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. Dates 27–28 February, London 19–20 June, York 16–17 October, London 25–26 November, York Course programme The following topics will be covered: • t he compliance role and responsibilities in relation to the three lines of defence to include management (first line of defence) and internal and external audit and regulatory bodies (third line of defence) • t he broad areas of work encompassed by a compliance role including designing controls for the first line of defence, working with project teams, providing ad-hoc advice on compliance issues, monitoring and assessing compliance with international standards, laws, regulations, policies and procedures IIA CPD competency areas covered International professional practices framework Business processes & project management Book YOUR PLACE at www.iia.org.uk/courses/caa Training courses for internal auditors 2014 | Page 15 IIA Certificate in Internal Audit and Business Risk IIA/CIPFA Award in audit and assurance in a changing environment (public sector) Learn about the issues and the strategic implications for internal audit resulting from the significant cultural and delivery changes occurring in the public sector. This award will address the practical issues around auditing third party contracts, bidding for audit and assurance contracts, and the difficulties of working with multiple governance frameworks within transnational operations. Who should attend? • n ew entrants to internal audit in the public sector • those with a private sector background who have joined or been seconded to the internal audit team in the public sector • experienced internal auditors who wish to gain an insight into the changing environment within the public sector and its impact on internal audit. What will I learn? Upon completion you will be able to: • describe the strategic and operational changes driving the public sector agenda • identify the ways in which the public sector can effectively manage its financial resources • d escribe the different delivery mechanisms available to the public sector and identify the most appropriate option in a given set of circumstances • u nderstand what is meant by performance management and value for money • d emonstrate an awareness of what is meant by counter-fraud and identify the types of fraud that are most likely to occur in the public sector • identify and make a professional response to the changes in the public sector and address the practical audit issues arising • identify areas of improvement for internal audit in the public sector and describe how internal audit can effectively respond to an improvement agenda • p rovide appropriate support to the process for bidding for internal audit contracts against competitors. • w hat is effective performance management; criteria that need to be in place to ensure an effective performance information system; different types of performance measure; difference between performance measures and targets; value for money within a performance management system • w ays of managing the risk of fraud; types of anti-fraud initiatives being implemented in the public sector; areas in the public sector that are most vulnerable to fraud • h ow change initiatives affect internal audit; anti-fraud audit; contract audit; the audit role in value for money; how internal audit can manage the implications of multi-governance environments • t ransformation of internal audit; how internal audit can improve; bidding for outsource contracts. Pre-course work You will need to read the study text that accompanies this course and identify your personal objectives. Presented by Marian Silltow CFIIA Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Earn the IACert designation Study four awards and gain the IIA Certificate for £3460 +VAT. See p8 for details. Dates 10–11 April, London 20–21 November, York IIA CPD competency areas covered International professional practices framework Managing change Course programme The following topics will be covered: • introduction to the course, participants expectations and the miniaction plan • drivers for strategic change in the public sector such as innovation and cultural change/cost reduction/use of information technology/ internal audit transformation • different ways in which the public sector can minimise expenditure and maximise income without damaging the primary objective of delivering public services • business models available in the public sector for delivering services; advantages and disadvantages of the various options; managing outsourced contracts; in-sourcing; commissioning services and outcome based commissioning Book YOUR PLACE at www.iia.org.uk/courses/aace Page 16 | Training courses for internal auditors 2014 Take your training further with an IIA qualification If you’re serious about a career in internal audit, our qualifications will give you the skills, knowledge and career prospects you need to achieve your goals. IIA qualifications are seen as a mark of quality by employers and they are stimulating, rigorous and rewarding – just like internal audit! IIA Diploma Develop the comprehensive skills you need for effective internal audit delivery IIA Advanced Diploma Achieve Chartered Internal Auditor status The IIA Diploma is a stimulating postgraduate programme that leads to the PIIA designation. It’s the benchmark for the profession and is highly valued by employers. This qualification will give you a comprehensive and practical understanding of internal audit, risk management and control, and corporate governance. You will also learn about the current and emerging issues facing internal audit. If you’re already qualified in internal audit, why not maximise your potential and raise your profile by becoming a Chartered Internal Auditor? Study the IIA Advanced Diploma and you’ll master the strategic and technical skills required to be an effective internal audit manager. It leads to the CMIIA designation and is the most advanced qualification for our profession in the UK and Ireland. How will you benefit? As a qualified internal auditor, your career will be enhanced by your professional status and the recognition that comes with it. You will also be more effective in your role and better equipped to meet the challenges ahead as internal audit moves into a more strategic position. How will you benefit? This qualification will extend and consolidate your knowledge and skills in all aspects of internal audit, corporate governance, risk management and control. It will demonstrate your commitment and expertise and help you to reach and operate at the highest level. Find out more at www.iia.org.uk/diploma Find out more at www.iia.org.uk/chartered Training courses for internal auditors 2014 | Page 17 Strategy and leadership Heads of internal audit – induction master class Being a head of internal audit is both rewarding and challenging, but if you’re new in post, it can also be daunting. This master class will show you what it takes to be effective in the role and maximise your chances of success. It will focus on the challenges and opportunities new heads of internal audit face and show how you can make a contribution at a strategic level to improve overall business success. Presented by Who should attend? Non-member £1095 +VAT New heads of internal audit and managers who are about to be promoted into the role. Dates What will I learn? Upon completion you will be able to: • be confident knowing what it really takes to be an effective head of audit • understand how to make an effective and valuable contribution at strategic level and towards overall business success • be clear about how your internal audit function’s role is defined and how it fits into the ‘assurance jigsaw’ thereby affecting your key leadership priorities • g ain a clear understanding of practical ways to manage key relationships with the audit committee, senior management and peers • review progress to date and proposed plans to identify key priorities for you and your department to help maximise your contribution to your organisation • share experiences, build networks and benchmark. Course programme • k ey priorities for heads of internal audit • the key ways that new heads of audit can be derailed • a benchmarking and best practice review of risk management practices and how internal audit might best engage with this • a review of internal audit best practices so you can benchmark the performance of your function • stakeholder management • internal audit planning • assignment quality and productivity • reporting in impactful ways to line management and senior stakeholders • working with other assurance functions • staff management practices – team capability, performance management, development and coaching • developing an internal audit strategy and influencing wider risk and governance developments in your organisation • tips and pitfalls in managing senior executives and the audit committee • developing a practical, prioritised action plan. James Paterson PIIA Director, Risk & Assurance Insights Ltd Duration Two days Fees IIA member £895 +VAT 12–13 March, London 25–26 June, York 7–8 October, London IIA CPD competency areas covered International professional practices framework Business processes & project management New in post? Connect with people who understand the challenges you face and keep up to date with important issues in risk, governance and control. Join our Heads of the Internal Audit Service. Join our network Find out more at www.iia.org.uk/heads Book your place at www.iia.org.uk/courses/heads Page 18 | Training courses for internal auditors 2014 Strategy and leadership Strategy and leadership Successful strategies for heads of internal audit – a master class Heads of internal audit face the combined challenges of delivering organisational performance and managing costs, whilst at the same time improving risk management, governance and compliance. You need to work closely with business leaders and the board. This master class will help you to build and manage these relationships. Who should attend? Heads of internal audit and senior audit managers who deal with leaders and board members. What will I learn? Upon completion you will be able to: • learn some of the key hallmarks of top leaders and the typical dynamics of top leadership meetings • consider how to maximise your impact and contribution at the senior leader and board level • explain how internal audit adds value to key stakeholders. Tangible outcomes will include: • understanding the relationship triangle between the heads of internal audit, audit committee members and senior managers • examining what is valued by key stakeholders • recognising the tension points that result from differing roles and viewpoints • r ecognising the life cycle of relationships; induction, smooth sailing and choppy waters • actions and next steps. • u nderstanding how internal audit is perceived • gaining insights around your own leadership and influencing style • understanding key biases and psychological pitfalls in one to one interactions • understanding the way group dynamics operate • use of action learning techniques to apply insights and learning • influencing the audit committee, board and senior executives. Presented by James Paterson PIIA, Director Risk & Assurance Insights Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 16 May, London 13 November, London Course programme • t he special relationship between internal audit, senior executives and the audit committee • key influencing models • understanding what stakeholders value using the Kano model IIA CPD competency areas covered Personal effectiveness Managing performance Book your place at www.iia.org.uk/courses/ssmc Successful strategies for audit managers – a master class Today’s internal audit managers need to work closely with business leaders, their head of audit, peers and their audit teams. Stakeholder management and influencing skills are becoming as important as managing a team. This master class will help you build and manage these relationships. Who should attend? Senior audit managers who deal with business leaders and/or manage members of the audit team. What will I learn? Upon completion you will be able to: • r ecognise your own strengths and development needs in relation to managing senior leaders, peers and members of staff • b e more confident dealing with senior leaders • u nderstand the challenges of influencing peers and techniques to use to effect change • e xplain how internal audit adds value to key stakeholders. Tangible outcomes will include: • h aving a clearer sense of what stakeholders really value • a clear plan of the relationships that need to be improved and in what way • t ools and techniques to improve staff management, whilst maintaining morale and empowerment • b eing aware of your style and impact and the areas you need to improve • k nowing when to use action learning techniques ahead of key ‘must win’ encounters. • u nderstanding the common pitfall areas for auditors when influencing • g aining insights around your own leadership and influencing style • u nderstanding key biases and psychological pitfalls in one to one interactions • u nderstanding the way group dynamics operate • a pplying insights and learning to leading the audit team, influencing peers and influencing upwards • u sing this knowledge to develop your career and add value to the business. Presented by James Paterson PIIA, Director Risk & Assurance Insights Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 11 March, London 24 June, London IIA CPD competency areas covered Course programme Personal effectiveness • k ey influencing models • u nderstanding what stakeholders value using the Kano model Managing others Book your place at www.iia.org.uk/courses/ssam Training courses for internal auditors 2014 | Page 19 Strategy and leadership Leading the audit team Motivating and leading a team of people who are under stress is an important skill for managers. There is often a conflict between the need to get the job done and the needs of the people in the team. This course is designed to cover a range of skills required for getting the most from your audit team. Who should attend? Internal audit managers, audit team supervisors and anyone responsible for leading a team or setting up a new one. What will I learn? Coaching skills You will be introduced to a coaching model and practise coaching one another on a work issue. Managing performance • h ow to prepare and structure a meeting about underperformance • k ey principles of giving feedback • g roup discussion and practical exercises on managing performance. Managing difficult people • recognising trigger points in others • managing our reactions to difficult people • dealing assertively with conflict. Upon completion you will be able to: • recognise different strengths within the team and yourself and plan how to use these effectively • adapt your leadership style so that you achieve better results with each individual • motivate people through a variety of methods • coach and set goals for people • manage performance within the team more effectively • recognise the symptoms of stress within people and plan remedial action • plan the audit with the team. The audit context Tips and hints on managing audit teams. Course programme Non-member £1095 +VAT The first part of the course focuses on feedback on Belbin team roles. Pre-work questionnaires are issued and the information is collated into a report so that you get a clear picture of what team roles are best suited to you. The course is very participative with individual and group exercises, case study, role play, tutor input and discussion throughout. Putting together the audit team • Belbin team role feedback for each delegate • understanding where the strengths and weaknesses may lie within your team • what’s different about audit teams? • leadership styles and how to use them effectively • the situational leadership model • you will complete a diagnostic and identify how to use the four different leadership styles with other team members. Presented by Ian Middleton MA CA CFIIA together with a MAST International specialist trainer Duration Two days Fees IIA member £895 +VAT Dates 13–14 May, London 23–24 September, London IIA CPD competency areas covered Managing others Managing performance Motivation • recognising different motivational patterns in yourself and others • working with different motivational triggers to improve performance. Case study This is based on an audit assignment. You will select the appropriate team and discuss the potential pitfalls of an audit. Managing stress Using HSE guidelines, you will work on the key factors which create stress in the workplace and learn how to mitigate that stress. The emphasis is on helping team members to support one another during stressful work periods. Book YOUR PLACE at www.iia.org.uk/courses/lat Page 20 | Training courses for internal auditors 2014 Strategy and leadership The internal auditor’s guide to strategic thinking More and more organisations are teaching their key people to think strategically. This makes for more efficient planning, smoother transitions in the time of change and fewer insoluble problems. This course will show you the techniques and set you on the road to efficient and clever strategic thinking. Who should attend? Heads of internal audit, senior internal audit managers and directors of risk management. What will I learn? Upon completion you will be able to: • understand the techniques required to think strategically • think your way through to innovative solutions • work with your own preferred mind pattern • get out of your present thinking box • find the way forward in even the trickiest situation • apply the concept of strategic intent and evaluate its appropriateness in your department • prepare a competitive analysis of your department with recommendations for strategic development • evaluate your own organisation and your department in terms of its core competencies • build a strategic plan for your section or department. Course programme Downboard thinking. Life can be like a game of chess • one move ahead is not enough • e nvision the future – how to be a futurist • d iscover opportunities behind obstacles – explore patterns of behaviour. Creative and critical thinking • how to think outside the box • techniques to reveal your creative mind. Checklist for creating a strategy • objectives • SWOT • scenarios, targets and allies • tactics and timing. Presented by Judy Fuggle, Jane Allan & Associates Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 16 April, London We will tailor the course content to the sectors represented in the room. Please bring some examples of situations with you to work through in your group. 16 September, London Understand yourself and your thought processes • the upper level thinking skills • y our personal thinking capacities • establish your strategic perspective. IIA CPD competency areas covered The five criteria for strategic thinking • organisation • observation • views • driving forces • ideal position. Join our heads of internal audit network Personal effectiveness Business processes & project management Book your place at www.iia.org.uk/courses/gst If you work at a senior level, why not consider joining our Heads of Internal Audit Service? This is a knowledge-sharing and networking group that will connect you with people who understand the Find out more at challenges you face. www.iia.org.uk/heads Training courses for internal auditors 2014 | Page 21 Professional development and practice An introduction to internal auditing As a result of emerging corporate governance requirements the profile of internal audit has reached an all-time high. If you are about to become involved in internal audit you need to be familiar with the fundamental requirements of the role. This practical course will guide you through the principles and techniques of internal auditing to help you plan and perform audit work in line with the latest standardsand best practice. Interviewing techniques • t ypes of interview and their essential features • use of questions, body language and note taking. Who should attend? Computer audit (an overview) • t he generalist and computer auditor • o rganisation of computer audit • c omputer audit techniques. New entrants to internal audit and those who have limited experience, as well as anyone returning to the function and in need of a refresher. What will I learn? Upon completion you will be able to: • u nderstand the organisation, planning and control of internal auditing • relate to the current philosophy and practice • realise and manage the behavioural implications of internal auditing • appreciate the essential techniques to be used. Course programme The challenging world of internal audit • the purpose, potential and change • principles of internal audit • current International Standards for the Professional Practice of Internal Auditing. Internal audit relationships • management expectations • image of internal audit • behavioural reactions • building relationships • external audit. Fraud and the internal auditor • what is fraud? • why involve internal audit? • police implications • fraud investigations. Planning internal audit work • the audit charter and universe • risk assessment and risk based internal audit • strategic, annual and assignment plans. Risk management, corporate governance and control evaluation • definitions • internal control and COSO • systems, risk and control objectives • types of controls • evaluation techniques and documentation. Testing, sampling and working papers • problems for internal auditors • effects on auditees • a testing framework and gathering evidence • a working paper strategy. Internal audit reporting • s tyle and structure • m arshalling information • w ord choices and grammar implications. Quality assurance of internal audit • qualitative aspects • performance measures • quality standards. Presented by Graham Westwood FCCA CPFA FIIA Stephen Maycock CFIIA CRMA CIRM Duration Three-day residential course Fees IIA member £1495 +VAT Non-member £1695 +VAT This includes course materials, two nights accommodation and meals and refreshments throughout. Dates: 4–6 March, Surrey 13–15 May, Dublin 17–19 June, Surrey 15–17 July, York 9–11 September, Surrey 7–9 October, York 4–6 November, Surrey 2–4 December, York IIA CPD competency areas covered International professional practices framework Risk & control Book YOUR PLACE at www.iia.org.uk/courses/iia Page 22 | Training courses for internal auditors 2014 Professional development and practice Audit report writing Professional development and practice Ultimate persuasion techniques Internal auditors have to create reports that are clear, logical and convincing. Writing compelling content requires correct presentation and sequencing of observations and findings. This introduction to audit report writing will show you how to produce reports that have an impact and add value to your organisation. The power of persuasion enables smooth transition to better methods and risk-limiting outcomes. In short, internal auditors cannot afford to lose the argument. This course will teach you effective persuasion techniques; bring examples of situations you face at work and you’ll take away solutions to tackle them. Who should attend? The course is suitable for everyone – particularly those who work with the stubborn, the unwilling and the downright difficult. The course is open to everyone but is most suited to those with little or no report writing experience. What will I learn? Upon completion you will be able to: • write a report using information that meets target audiences’ requirements • d eploy a structure for writing up observations that maximise acceptance of the audit viewpoint • apply strategies to maximise conciseness and improve readability. The course is accompanied by an indexed manual that includes full course text, examples, and strategies for use in audit report writing on return to work. Please note, the course does not teach spelling or grammar – that knowledge is assumed. Course programme Introduction • good and bad reporting • take care of what’s important! Audience and framework: empathy with your audience • the target audience • structure of audit reports • style expectations • amount of detail • action plans • process enhancements • corrective action taken during the audit • integrating writing into the audit process – synergy • t he universal five Cs approach for recording issues: condition, criterion or comparator, cause, consequence and conclusion • co-operative conclusions • prioritisation of recommendations • layout of observations in reports • q uality check on detailed findings. Executive summaries • top level information • audit and scope statements • introductions in executive summaries • audit opinions. Conciseness, preciseness and readability • phrasing, jargon, spelling and structure. Presented by Stan Dormer CFIIA MindGrove Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 26 February, London 11 June, London 3 December, London IIA CPD competency areas covered Personal effectiveness Communication Book YOUR PLACE at www.iia.org.uk/courses/arw Who should attend? What will I learn? Upon completion you will be able to: • influence all types of individual • u nderstand why some people are more difficult than others to persuade and still persuade them • u se your behaviour to help others accept your ideas • u nderstand how to build very high levels of rapport • b uild a permanent commitment to any changes you introduce. Course programme Influencing skills audit • a ssertion, expertise, political acumen through preparation • e ffective presentations, client centred. People • u nderstanding the human psyche • the hidden effect you can have • behaviour breeds behaviour • how to make sure you use your own behaviour wisely and that no one takes advantage of you. Emotional intelligence • u nderstand the impact of your emotional intelligence • u se it to influence colleagues, customers and family alike • h ow do your filters work? Are they helping or hindering? The power of body talk • u sing your body talk to influence • choosing the words with care. OK, influence me • r ole plays to help you practise your new skills. Permanent commitment • how to ensure lasting influence • get real not token agreement • see it past the new toy stage. Before attending the workshop you will be asked to complete a questionnaire to help you think about your approach to those you seek to influence. Presented by Judy Fuggle, Jane Allen Associates Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 3 April, London 4 September, London IIA CPD competency areas covered Personal effectiveness Communication Book YOUR PLACE at www.iia.org.uk/courses/upt Training courses for internal auditors 2014 | Page 23 Professional development and practice Techniques for effective testing Testing can be a very time consuming part of the internal audit process and it often becomes more complex than first thought. This course will help you design testing activities that are efficient, effective and appropriate to each situation. You’ll learn to focus on clear objectives throughout the testing process and use this to produce sound conclusions that are more likely to be accepted by management. Who should attend? Internal auditors responsible for the design or performance of internal audit testing. What will I learn? Upon completion you will be able to: • appreciate the role of testing within the context of the internal audit process • design tests focused on achieving test objectives and meeting assurance requirements • select and apply sampling techniques that will help to ensure test objectives are achieved • appreciate the different ways in which a range of Computer Assisted Audit Tools and Techniques (CAATTs) can be used to support testing activities • conduct tests and document test results in a manner that will help to ensure accuracy, efficiency, integrity and confidentiality • interpret test results and develop conclusions that are supportable with appropriate evidence • present test results to management in a manner that will contribute to obtaining agreement on any actions that may be required • understand how to develop and preserve relationships whilst maintaining high ethical standards. Sampling • s ampling methods and techniques • deciding sample sizes. Computer Assisted Audit Tools and Techniques (CAATTs) • different types of CAATTs and their uses • how to use CAATTs effectively. Drawing conclusions • extracting meaningful information from test results • understanding and using evidence • presenting test results to management. Human factors • o btaining agreement • m anaging relationships • m aintaining ethical standards. Presented by Stephen Maycock CFIIA CRMA CIRM Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates 18–19 March, London 10–11 June, Dublin 17–18 September, York 10–11 December, London Course programme This highly interactive course features lots of practical exercises. A series of examples will demonstrate the practical application of the theoretical aspects covered. The following topics will be explored: IIA CPD competency areas covered Risk & control Test objectives • the role of testing within the context of the internal audit process • defining test objectives • levels and types of assurance. Designing and conducting tests • types of test - linked to assurance • tools and techniques used in testing • efficient documentation. Book YOUR PLACE at www.iia.org.uk/courses/tet Page 24 | Training courses for internal auditors 2014 Professional development and practice A practical guide to evaluating risks and controls There are many theoretical models and frameworks to guide the development and review of effective risk management and internal control processes. The challenge for internal auditors is how to put them to good use. This course will help you apply theoretical knowledge to practical situations. It will also make you more confident in the definition of risks and controls and therefore improve the effectiveness of your internal audit work. Evaluating controls • u nderstanding the full range of controls • u sing control models to identify controls • t he role of monitoring controls • e valuating controls within the context of control models. Who should attend? Analysing internal audit results • interpreting the results of internal audit work • putting findings within a business context • use of control models in the formulation of recommendations. Internal auditors who want to improve their processes and learn how theoretical models and frameworks can be applied to their everyday work. What will I learn? Upon completion you will be able to: • a pply risk and control frameworks to a range of internal audit processes • work with management at all levels to identify and understand key risks and controls • define risks and controls in a manner that will help provide the correct focus for the internal audit work • u se risk and control models to evaluate controls/other risk mitigation strategies • appreciate the role of monitoring within risk and control frameworks • use risk and control models to design tests, interpret results, put findings in a business context and formulate useful recommendations • feel confident when discussing risks and controls with management at all levels • use appropriate terminology related to risks and controls. Testing with a clear purpose • t he use of risk and control models in test design • t esting within the context of risks and controls. Providing assurance • g etting the message across • p roviding assurance within the context of risk and control frameworks. Managing relationships • h ow to work effectively with management at each stage of the audit process. Consulting engagements • a pplying risk and control models in consulting assignments. Presented by Stephen Maycock CFIIA CRMA CIRM Duration Two days Course programme Fees This practical and interactive course guides delegates through the application of theory to internal audit processes covering the following topics: Non-member £1095 +VAT Risk management • key stages of risk management • applying risk management frameworks to internal audit processes • making effective use of the output from risk management systems. Understanding risk • identifying and clarifying risks • the difference between risks and issues • how to distinguish between business risks, process risks, and control risks • describing risks in an effective manner. IIA member £895 +VAT Dates 11–12 March, London 21–22 May, Dublin 11–12 November, York IIA CPD competency areas covered Risk & control Book YOUR PLACE at www.iia.org.uk/courses/erc Training courses for internal auditors 2014 | Page 25 Professional development and practice NE W Keeping up with technology – better governance and control High-profile technology issues always seem to be in the news – a business being hacked, a company being fined over data protection breaches, or somebody coming to harm because of bad data. This course will help you understand IT governance and the architecture of IT controls so that you can review the technology practices in your organisation. Who should attend? This course is open to all. What will I learn? Upon completion you will be able to: • review the six major principles of IT governance within your own organisation • c heck whether your organisation is working within the standards • understand the difference between ad-hoc control structures and IT controls designed for the purpose. Course programme What’s in the news? The problems stemming from security breaches, poor data control and non-compliance. Governance • accountability of IT operations and services • in house/outsourced services • strategic planning for IT • acquisition of IT • performance of IT • what the law demands • IT – success, failure and the human factor. Driven by standards • standards for governance, operations, development, security and recovery. Development of IT controls – an architect’s approach • plan controls to match requirements • mapping the objectives to operational processes • threat and risk analysis • d riving the analysis down to detail • w hat control services are needed to deal with threats? • c hoosing the balance – how effective must the control service be – what are we prepared to pay? • c an we combine controls – streamline – optimise? • d o we want to constrain the user – inform management – or both? • o rganisation and sequencing of control elements for maximum efficiency • o perational variance triggers and continuous monitoring of active controls. Presented by Stan Dormer CFIIA MindGrove Ltd Duration One day Fees IIA member £475 + VAT Non-member £675 + VAT Dates 6 June, London 21 November, London IIA CPD competency areas covered International professional practices framework Information technology Risk & control Book YOUR PLACE at www.iia.org.uk/courses/kut Page 26 | Training courses for internal auditors 2014 Professional development and practice Using Visio to create process maps NE W Internal auditors often struggle to produce useful process maps with Visio. If you find the programme difficult to use – or you’ve given up trying – then this course is for you. It will show you tips and techniques to speed up Visio mapping so you can make better use of the programme during the planning phase of a review. Who should attend? This course is open to all. What will I learn? After completion you will be able to: • d raw Visio process maps quickly • o rganise your process map to convey maximum information • b uild your own rapid shapes to automate drawing processes • capture your result in MS Word to enhance an audit report. The course is accompanied by a manual that contains full course text and useful guidance and a CD/DVD of practice data. Each delegate must bring a laptop to the course with MS Office Visio 2007 (or later). Course programme Working with Visio • c reate new (blank) drawing • s et up page options as required • fl oating palettes and other useful features • a uto-hide • b asic tools and operations • s hapes and stencils • c opy and paste – four ways • s peeding up drawings auto connect • d ynamic snapping • s howing risk and controls on plan – setting the standard • t aming text • legends and callouts • m ultipage and multilevel drawings • c reating primitives and editing shape sets • m aking Visio calculate! • c opy and paste whole drawing – paste to and from other applications • s hort cut keys for Visio. Presented by Stan Dormer CFIIA MindGrove Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 2 April, London 1 October, London IIA CPD competency areas covered Communication Business processes & project management Book YOUR PLACE at www.iia.org.uk/courses/vpm Professional development and practice Process thinking for internal auditors This course uses analytical strategies and visualisation techniques to help locate inefficiencies, unnecessary complexity and risks within a process. It will develop your process skills and help you improve the value and business-relevance of your work. The course is led by the creators of the technique. Who should attend? This course is open to all. What will I learn? Delegates will spend most of their time learning through practical examples. Upon completion you will be able to: • appreciate how process thinking incorporated within the audit process generates more business-like audit results • understand the characteristics of process chains and see how these generate value for organisations, for customers and clients and how processes can generate or suppress risk • deploy a range of new techniques to help improve the evaluation of processes and controls • perform low-impact process modelling to contribute quantitative and qualitative value to audit observations and conclusions. The course is accompanied by a manual that contains full course text and examples. A demonstration version of a process modelling tool will also be made available to delegates. Course programme The auditor and process thinking • the process thinking auditor uses new ways to communicate and embraces ideas for process improvement • LEAN and Kaizen • adding value – process thinking – appropriate roles and strategies. Process thinking further strategies • e xploring risk from process models using a step by step approach • m ake sure you ask the right questions • d ocument service and risk attributes to help analyse hand-off risk • m ap elements of complex interview narrative notes • u se an architectural view to understand the strength of controls • fi nd points at risk and suggest controls • s wim lanes • s how roles and segregation • u se a model to define minimum segregation zones within processes • s how the point at risk by using visual pointers • improve the control chain • p ractice on something you understand to gain confidence • low impact adoption into audit processes. Presented by Stan Dormer CFIIA, MindGrove Ltd Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Using Visio to create process maps (see opposite) would be a useful precursor to this course. Dates 3–4 April, London 2–3 October, London IIA CPD competency areas covered Business processes & project management Beginning at the beginning • process chains and value • matters influencing perceived value • damaging value by failing to control risk • the five places that should be scrutinised for risk in process chains • process optimisation - disintermediation • create flow – data capture • create flow – sequence • create flow – adding extra value • create flow – serial and parallel activities • create flow – time cycle. Process thinking strategies • use process maps to document risk and control • use process maps to reduce having to write and store so much text • visualisation: draw a map of organisational objectives • activity cost resourcing – process quantification • use activity cost comparisons to determine optimum flow • calculate the cost of control. Book YOUR PLACE at www.iia.org.uk/courses/pt Training courses for internal auditors 2014 | Page 27 Professional development and practice Putting Office to better use – CAATs Internal auditors often use only a fraction of the capability of the software that sits on their PC. This course will show you how to get the most out of Excel, Word and Access. You’ll learn tips and tricks that will speed up your audit work, particularly in the fieldwork and testing phase of a review. Who should attend? This course is open to all. What will I learn? Upon completion you will be able to: • check up to 100% of the data available to you electronically • put the most vital components of Office to use in the most efficient manner • interoperate between different Office applications • polish your results in Word to create a great looking report. The course is accompanied by a manual that contains full course text and a CD/DVD of practice data. Each delegate must bring a laptop to the course with MS Office 2007 (or later). Course programme Working with Access • a new database • choose data to import • exporting the data, or any access table • how to run queries to produce audit reports • produce the report • calculated fields and testing • using expression builder. Working with Word • s etting up options – once and for all • adding special symbols • styles • take control of pasting • alter formatting quickly • indexing – references – citations • foot notes and end notes • white space and paragraphs • tables • images and picture positioning • using the clipboard and the spike. Control effectiveness and testing • interrogation tools, query languages and free standing audit packages • substantive testing • compliance testing. Presented by Working with Excel • checking data integrity in spread sheets • trace cells and show and watch calculations • re-performance and virtual calculations • excel statistics • filtering and stratification • pivot tables and slicers • sortation • using colour, icons and thematic schemes • data integrity and validity checking • find unique and duplicated records • pivot tables • data import from usual and unusual sources • creating charts for export. Fees Using queries • connecting with external data • creating a query • tables and fields • criteria and limitations • sorting results • save query for re-use • exporting / importing and polishing results. Stan Dormer CFIIA, MindGrove Ltd Duration Two days IIA member £895 +VAT Non-member £1095 +VAT Dates 28–29 April, London 6–7 November, London IIA CPD competency areas covered Information technology Data collection & analysis Personal effectiveness Book YOUR PLACE at www.iia.org.uk/courses/off Page 28 | Training courses for internal auditors 2014 NE W Professional development and practice PowerPoint for meetings and reports NE W Internal audit teams often use PowerPoint to produce their audit reports and most people use it to create presentations. However you use it, the chances are, you’re not realising the potential of this powerful tool. This course will show you all the useful functionality you need to create effective reports and present your findings after a review. Who should attend? This course is open to all. What will I learn? Upon completion you will be able to: • design PowerPoint presentations that communicate, are aesthetically pleasing and convey professionalism • organise your slides to convey maximum information • build your own rapid themes to help automate the slide building process • use features to enhance your audit reporting. The course is accompanied by a manual that contains full course text and a CD/DVD of practice data. Each delegate must bring a laptop to the course with MS Office 2007 (or later). Course programme • w hy use PowerPoint for an audit report? • using colour, text and thematic schemes that semi-automate slide production • creating an aesthetically pleasing composition • emphasising a key issue – the judicious use of images • controlling data displayed – using optional slide pathways to deal with different audience reactions • hiding slides • r evealing data through mouseover and action buttons – controlling disclosure • bringing in comparator data – importing tables and data from other sources • where silence is not enough – moving images or sound • interacting with your slides – creating a natural direction for your presentation • support your presentation – hand-outs and slide notes • being careful with meta-data – what you don’t want published. Presented by Stan Dormer CFIIA, MindGrove Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 5 June, London 20 November, London IIA CPD competency areas covered Information technology Communication Join the IIA As a member you’ll save money on our courses. That’s one good reason to join, and here are five other ways you’ll benefit from membership: 1.Access exclusive technical resources – detailed guidance, help sheets and checklists that will help you perform your role. 2.Contact the technical team direct to get personalised advice: no problem too small, no challenge too big! 3.Receive Audit & Risk magazine six times a year: read about the knowledge, trends and people shaping our profession. 4. Take part in our free member-only webinars and save money on events, seminars and conferences. 5.Help shape the profession – we represent members’ views with policy-makers, regulators, business leaders and the media. Personal effectiveness Find out more at Book YOUR PLACE at www.iia.org.uk/courses/ppt www.iia.org.uk/join Training courses for internal auditors 2014 | Page 29 RISK AND AUDIT RISK AND AUDIT Risk based internal auditing – a practitioner’s course Risk based internal auditing (RBIA) is a methodology that enables internal audit to assess the adequacy of the assurance framework and the reliability of assurance sources. This course will give you the ability to apply RBIA to audit assignments and assurance reporting. Who should attend? All internal auditors who provide assurance on control and management of business risk. What will I learn? Upon completion you will be able to: • link the organisation’s risk management framework to each stage of RBIA • r ecognise the elements that contribute towards the risk maturity of an organisation • u nderstand how internal audit fits into the wider assurance framework • p lan, deliver and report on audit assignments using RBIA • c onsider the skills and competencies required to deliver RBIA. Risk based internal audit assignments • assignment planning • developing the internal audit scope • linking objectives, risks and controls. Delivering assurance • t he role of management • t esting and evidence – how far do you go? • t he concept of risk appetite and agreed action • b ehaviours and competency. Presented by Stephen Maycock CFIIA CRMA CIRM Duration One day Course programme Fees What is RBIA and what does it mean in practice? • o verview of principles and guidance • t hree stages of RBIA • d riving forces for change. IIA member £475 + VAT Non-member £675 + VAT Providing assurance on risk management • s ources of assurance to the board • what does good risk management look and feel like? • the risk maturity continuum and its impact on the internal audit approach. Dates 7 May, York 25 November, London IIA CPD competency areas covered International professional practices framework Risk & control Book YOUR PLACE at www.iia.org.uk/courses/rbpc Page 30 | Training courses for internal auditors 2014 Assurance mapping – a practitioner’s workshop An assurance map (AMAP) is a tool to ensure key risks are assured across your organisation – driving out gaps and overlaps in the assurance jigsaw. The idea seems straightforward but there are many stories of lengthy, complex and incomplete assurance mapping efforts. This workshop will give you a thorough understanding of the principles and practical application of AMAPs. Who should attend? Head of internal audit and internal audit managers. What will I learn? Upon completion you will be able to: • d eliver AMAPs in a timely and cost effective way, with clear benefits for key stakeholders • s ave time and effort in terms of delivering AMAPs with internal resources, or managing the efforts of others • r ecognise the key components of an effective assurance map • a ssess your current efforts and plans to deliver an assurance map so that you can avoid the common pitfalls and difficulties, including important lessons concerning the scope of an assurance map and key stakeholders to engage • b uild a realistic business case for an assurance map, including likely ‘quick wins’ • p rioritise your current efforts and understand future opportunities, including assurance scorecards and synergy opportunities. • c ase studies – financial controls, compliance, projects, streamlined board reporting • frameworks for improving the co-ordination between audit and assurance providers • h ow assurance mapping can support synergy reviews • implications of an assurance approach for audit planning and assignments • r eview of progress / plans in your organisation and insights on key areas to prioritise. Presented by James Paterson PIIA, Director Risk & Assurance Insights Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 13 February, London 13 May, York 24 September, London 14 November, London Course programme • IIA and other definitions of an assurance map • t he different assurance maps and their benefits • a framework for progressing with assurance maps • t he common pitfalls IIA CPD competency areas covered International professional practices framework Quality & control Book YOUR PLACE at www.iia.org.uk/courses/ampw RISK AND AUDIT Risk based internal auditing – an audit management course Risk based internal auditing (RBIA) is a methodology that enables internal audit to assess the adequacy of the assurance framework and the reliability of assurance sources. It requires internal audit to be strategically and operationally linked to the business risk and assurance frameworks. New skills are required to implement RBIA effectively and this course will provide comprehensive training on applying the methodology. Who should attend? Heads of internal audit and senior internal auditors involved in planning and providing assurance on control and management of business risk. What will I learn? Upon completion you will be able to: • apply the key concepts of RBIA to your organisation • link the organisation’s risk management framework to each stage of RBIA • determine risk maturity and apply the relevant approach • understand how internal audit fits into your organisation’s assurance framework and undertake an assurance mapping exercise • produce a RBIA plan • apply a risk based methodology to internal audit assignments • provide meaningful assurance statements to your audit committee and board. Course programme This course will provide you with practical examples and case studies on the application of RBIA. The following topics will be covered: Environment • driving forces for a risk based approach • overview of current guidance – RBIA stages • meeting board/audit committee requirements. Assurance framework • sources of assurance to the board • mapping assurance sources • reviewing the adequacy of assurance • linking the internal audit plan into the assurance framework. Risk based internal audit planning • internal audit planning case study • mapping risks, processes, business units and assurance • p rioritising the focus of assurance (or what to audit with limited resources) • understanding the concept of risk appetite • the involvement of management in the internal audit plan. Risk based assignment planning and reporting • d etermining the assignment scope • m onitoring controls - the management role • r eporting conclusions and agreeing action - a new approach. Reporting on risk and control • assurance statements from internal audit • making assurance statements meaningful and useful. Challenges to successful implementation • p ractical problem solving to provide solutions to your barriers. Presented by Stephen Maycock CFIIA CRMA CIRM Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates 26–27 March, London 14–15 October, York IIA CPD competency areas covered International professional practices framework Risk & control Risk management and maturity • what does good risk management look and feel like? • forming risk maturity opinions – where does your organisation sit on the risk maturity continuum? Book YOUR PLACE at www.iia.org.uk/courses/rbam Training courses for internal auditors 2014 | Page 31 RISK AND AUDIT Auditing enterprise-wide risk management (ERM) Many organisations have been developing and implementing enterprise-wide risk management (ERM) processes, often in response to more demanding governance requirements. This usually results in a major shift in the focus of the assurance requirements of the board. Internal auditors must be able to respond by providing holistic assurance over the effectiveness of the whole ERM framework. This course will help you audit ERM processes to meet the board’s requirements. Conducting an audit of ERM • r eviewing the design and operation of each component of the ERM framework • obtaining the perceptions of management • using ERM outputs to inform the evaluation. Who should attend? Presented by • h eads of internal audit and senior auditors who have responsibility for providing assurance over developing or established ERM processes • internal auditors who may need to review the operation of risk management processes within individual functions, departments or units • this course will also be of interest to risk managers and others seeking guidance on how to review and conclude on the effectiveness of ERM processes. Stephen Maycock CFIIA CRMA CIRM What will I learn? Dates Upon completion you will be able to: • describe the essential components of ERM • recognise the key characteristics that contribute towards effective ERM • draw upon a range of techniques for reviewing ERM • evaluate the effectiveness of the design and operation of the different components of an ERM framework • consider the methods for assessing the operation of ERM at different levels of the organisation • assess the overall effectiveness of ERM • advise management on ways to enhance the effectiveness of the design and operation of the organisation’s ERM framework and processes • present the results of an ERM review in a meaningful way to help drive improvements within the organisation. Concluding on the effectiveness of ERM • drawing conclusions on each element of the ERM framework • providing assurance – presenting results in a clear manner • agreeing the way forward – a catalyst for continuous improvement. Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT 10–11 July, London 18–19 November, York IIA CPD competency areas covered International professional practices framework Risk & control Course programme The entire process of auditing an ERM system will be covered: The essentials of ERM • key components of ERM • good practice models • characteristics of effective ERM. Planning an audit of ERM • identifying useful inputs for planning • drawing on good practice models • using a range of approaches for reviewing ERM. Book YOUR PLACE at www.iia.org.uk/courses/aerm Page 32 | Training courses for internal auditors 2014 Auditing specialist topics Auditing specialist topics Lean auditing – delivering added value Auditing fraud risk – a practitioner’s action plan Lean auditing refers to the use of ‘lean’ principles to streamline internal audit activities. Lean provides tools and techniques to eliminate waste, maximise impact and add value – a key objective for many internal audit functions. This course will show you how to apply lean methodology. Internal auditors are expected to provide assurance over their organisation’s fraud risk management and control infrastructure. They must also be able to react to the rapidly changing business environment and emerging risks. This course will help you address fraud risk management and provide assurance in this key area. Who should attend? Who should attend? Heads of internal audit, internal audit managers and experienced audit staff. What will I learn? Upon completion you will be able to: • apply lean tools and techniques to make your internal audit efforts more streamlined and joined up • develop greater insights into the key stakeholders of audit, what they need to add value and practical, proven, techniques that drive efficiency • have a clearer sense of how lean your audit function is compared to others • develop a practical, step-bystep route map of the key areas to focus on to add value and improve efficiency. Course programme • t he background to lean and why it is such a powerful methodology for driving value add and efficiency • developing a value added approach to the audit planning process • developing practical insights into what does and does not add value to the key stakeholders of audit and practical ways to manage different views • how to create assignment plans that focus on value add • d riving audit assignments in a lean way, including ways to streamline testing and reporting, how to leverage existing business, compliance assurance processes and activities • p ractical advice concerning audit and data analytic tools • k ey performance indicators for internal audit that properly capture value add and avoid unnecessary work • o ther working practices in the audit team that can maximise its productivity and impact. Presented by James Paterson PIIA, Director Risk & Assurance Insights Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Internal auditors, risk managers and anyone who needs to understand auditing fraud risk. What will I learn? Upon completion you will be able to: • u nderstand the warning signs of fraud • identify potential fraud vulnerabilities and exposures • d evelop an effective fraud audit programme • p rovide informative audit reports to management on fraud risk. Martin Robinson CFIIA FCIS AFA Education and training consultant at Fraud Advisory Panel One day IIA CPD competency areas covered www.iia.org.uk/courses/ladv Presented by Duration Understanding the human dimension • r ecruitment policies, training and awareness. Book YOUR PLACE at Developing a robust audit programme and checklist • a uditing fraud at strategic and operational levels. Fraud and the role of the internal auditor • t he current fraud and cybercrime landscape • identifying and auditing key fraud risks. 7 March, London 1 July, York 6 November, London Business processes & project management Cyber, IT and data • identifying your intellectual property and sensitive data. Course programme Hallmarks of an effective antifraud strategy • fraud prevention and detection policies, tools and techniques • r esponse planning and investigations. Dates Procurement and outsourcing • fraud, bribery and corruption risks in the procurement lifecycle. Fees IIA member £475 +VAT Non-member £675 +VAT Dates 26 February, London 26 June, London 28 October, London IIA CPD competency areas covered Quality & control Finance, payroll and expense management • d iscovering fraud and manipulation in your financial systems. Book YOUR PLACE at www.iia.org.uk/courses/afr Training courses for internal auditors 2014 | Page 33 Auditing specialist topics Value for money (VFM) / performance auditing Organisations are increasingly facing performance challenges driven by the need for greater economy and efficiency. VFM auditing can review performance in this area but few internal auditors have in-depth experience of the methodology. This practical course will show you how to apply VFM techniques to your business. Who should attend? This course is open to all. What will I learn? Upon completion you will be able to: • explain the nature and purpose of VFM / performance auditing • plan and conduct a VFM / performance audit • form an opinion on the economy, efficiency and effectiveness of a system • produce compelling VFM / performance audit reports. This course will be accompanied by a training manual containing full course text, examples and practical advice. Course programme The audit paradigm • what is VFM and performance auditing? • the VFM and performance auditor • a detailed insight into processes • organisational drivers and objectives – the notion of a cascading framework of defined objectives • the specific challenges of VFM. Economy, efficiency and effectiveness • economy and efficiency – and intertwining the two • effectiveness – measuring before and after • goal and outcome achievement – side effects • relating VFM results to other prescribed forms of metrics. Executing the VFM / performance audit • s etting and assigning audit metrics • c onducting the audit • issues that must be considered in the fieldwork phase • c ommunication during the audit and quality assurance of the results. Reporting on the VFM / performance audit • h ow to gain maximum attention and impact • d raft reports • r eport structure • d istribution of the report • follow up to the audit. Presented by Stan Dormer CFIIA, MindGrove Ltd Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates 15–16 May, London 9–10 October, London IIA CPD competency areas covered International professional practices framework Risk & control Initiating and planning the VFM / performance audit • audit charter and audit mandate • evidence and repeatability • key steps in the auditing cycle • a risk based approach: a model framework • special planning considerations • VFM and performance audit proposals • performance audit scope • integration of audits. Book YOUR PLACE at www.iia.org.uk/courses/vmpa Page 34 | Training courses for internal auditors 2014 Auditing specialist topics Auditing projects, project management and project risk Success or failure of a project can have a significant impact on an organisation’s reputation, business performance and the confidence of its stakeholders. Failure to deliver a project on time, within budget and to specification poses a major threat to an organisation’s strategic direction and financial viability. This course provides an introduction to the subject of projects and project risk. Hidden dependencies • controlling additional costs and time penalties • plan reassessment • auditing mid-stage projects. Who should attend? Testing, acceptance and rollout • late project corrections • testing and acceptance • rollout. This course is open to all. What will I learn? Upon completion you will be able to: • identify the critical differences between programmes and projects • review the roles and services that support programmes and projects • evaluate the interplay between risk, cost and time in projects • understand the world of project decision making • plan for project and programme audits using realistic engagement strategies • execute a variety of project audits at the beginning, middle and end stages of project and programmes. The course is accompanied by an extensive indexed manual that contains full course text, examples and a customisable project risk check list. Course programme • key players and roles • project management methods • project diversity – different project types. Managing successful projects and programmes • how projects and programmes put organisations at risk • the auditor’s involvement in projects – a practical working framework. First steps • how projects are initiated • how to assess initial project risk • factoring in complexity. Planning • good and bad business cases: the tangible and intangible; costs and benefits • project plans: the good and the bad • key performance targets, critical success factors and indicators • auditing project plans. Documentation, change and quality • change management • quality management • auditing late-stage projects. Benefits and outcomes • checking on benefits and outcomes • deciding on project contributions • measuring success and failure • post project reviews and lessons extraction • post implementation audits. Presented by Stan Dormer CFIIA, MindGrove Ltd Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates 27–28 February, London 12–13 June, London 4–5 December, London IIA CPD competency areas covered Business processes & project management Teams, metrics and money • people and risk factors associated with pace and stress • communication and quality issues • auditing project teams. Book YOUR PLACE at www.iia.org.uk/courses/appr Training courses for internal auditors 2014 | Page 35 Auditing specialist topics Auditing contracts, outsourcing and procurement In the news you’ll often see organisations being criticised for their inept handling of high profile contracts. Not surprisingly, when a business decides to outsource an operation, the uncertainties over cost and quality are a major worry. This course navigates you through the key risks that result from your organisation engaging in contracts, procurement or outsourcing. Who should attend? This course is open to all. What will I learn? After completion you will be able to: • be able to audit a contract or an outsourcing contract • be able to evaluate procurement tendering • appreciate how creating the right contract avoids many of the pitfalls associated with contracting. The course is accompanied by a manual that contains full course text and useful work programmes for contract, outsourcing and procurement audits. Course programme Creating the right contract and the audit of contracts generally • reviewing a contract • due diligence • term, duration and penalties for early termination • invalidity of terms and conditions • survivorship – matters that continue after the contract terminates • assets • main contractors and sub-contractors • warranties and performance bonds • fees and costs, price limitations, ceilings and movements • invoicing and payment, overpayments, underpayments • contractor payments and performance • cost control • change management. Auditing outsourcing contracts about to be let • the outsourcing procurement life cycle • the additional issues to be included in an outsourcing contract • are staff competencies established? • is the framework for relationship management in place? • is the business case transparent? • are performance indicators sufficient, reasonable and consistent? • are risk registers aligned and complete? NE W Auditing mid-maturity outsourcing contracts • is relationship management working? • is the right business outcome being delivered? • a re service credit, remedies, penalties and other incentive driving options working? • d oes the contract measure up to expectations? • c an more be obtained from the contract? Auditing end-of-life outsourcing contracts • was the business case delivered? • was the contract good value-for-money? • what was learnt from the contract? • should the contract be extended, in-sourced or re-tendered? Auditing procurement processes – the approach • management and the procurement process • controls over procurement • tendering processes • on-going due diligence • evaluation of value delivered. Presented by Stan Dormer CFIIA, MindGrove Ltd Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates 13–14 March, London 25–26 September, London IIA CPD competency areas covered International professional practices framework Risk & control Book YOUR PLACE at www.iia.org.uk/courses/acop Page 36 | Training courses for internal auditors 2014 Auditing specialist topics Data security risks for internal audit The rapid pace of technological change has transformed how personal data is collected and used. Social networks, cloud computing and portable devices pose new challenges as people leave digital traces everywhere. This course will enable you to review your organisation’s data security safeguards and show you some simple measures to help protect against data loss. Who should attend? Presented by The course is open to all. Dr Stephen Hill, Director, Snowdrop Consulting Ltd What will I learn? Upon completion you will be able to: • r ecognise your organisation’s current data exposures • identify the safeguards required to protect your data • u nderstand the risks of cloud computing and social media • implement current data protection legislation • u nderstand the EU revisions of the Data Protection Act. Duration Course programme IIA CPD competency areas covered The course will focus on the proposed EU reforms to the DPA and the risks of social media and cloud computing. • h ow is the digital environment challenging data protection? • d ata security risks and emerging threats including social media • d ata protection responsibilities for an internal auditor • IT governance as a best practice approach • E U data protection reforms – what is the Commission proposing? • w hat will be the key changes and how will they affect me? • d ata security and compliance including ISO27001 & BS10012 • data loss prevention methods – IT and people controls • practical tips to protect data. One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 8 April, London 16 October, London Quality & control Our average customer satisfaction rating for training courses is 99.5% Yes, honestly! (And we’re working on the other half a percent) Book YOUR PLACE at www.iia.org.uk/courses/dsr Training courses for internal auditors 2014 | Page 37 Auditing specialist topics Auditing the treasury function Many internal audit departments admit that the treasury function is not an area that they review on an annual basis. The technical aspects – and risks – associated with foreign exchange, hedging and investments can make it a tricky area to audit. This course will show you how to add value to treasury activity by optimising its efficiency and effectiveness. Who should attend? Internal auditors and those who work in the treasury function. What will I learn? Upon completion you will be able to: • plan risk based treasury audits that add value as well as provide assurance • understand the key issues of control failure concerning strategy and operations • identify early warning signals of potential problems • effectively promote best practice and communicate lessons learned. Course programme Overview of treasury fundamentals and the link to value • treasury remit for alignment with overall business strategy • design of treasury strategy and policies • risk implications of analysis and performance reporting • robustness of service objectives • risk management activities with appropriate benchmarks • a ppropriateness of current treasury services to stated needs. Treasury organisation and structure • advisory/in-house bank • cost centre/value added cost centre/profit centre • centralised/decentralised • advanced/intermediate/ elementary • segregation of duties • structure of a typical corporate and bank treasury • front, middle and back office structures • beyond the dealing room. Treasury risks (includes risks in the dealing operation) • human • operational • market and credit risks • risk mapping • system management. Dealing disasters and lessons to be learnt • Barings, Societe Generale, UBS – recurring problems highlighted. Auditing treasury • audit universe • treasury jargon • methodology • risk based assurance plans Page 38 | Training courses for internal auditors 2014 This course is being held by the ACT and endorsed by the IIA. • terms of reference – quality of internal audit coverage. • evaluating findings and assessing their significance • value adding audit report (style, structure, information, clarity, language) • actively reassess audit plan and adapt the audit process. Tackling audit challenges • staff interviews at all levels of management and operations • c ritical review of strategy, policy, objectives, procedures and guidelines • review of treasury organisation • warning signals and what to look for. Governance • explore the duties of the board and management • the Companies Act 2006 and UK Corporate Governance Code • treasury risk committees/role of ALCO in banks • treasury performance and how it is measured and reported. Derivatives (overview and purpose) • forwards and futures • FRAs, options and swaps • documentation (eg ISDAs and CSAs). Treasury management systems • security violations (including cyber fraud) • audit trail • capacity and capability • key interfaces • disaster recovery and business continuity. Presented by Raj Gandhi FCT FCCA Duration Two days Fees IIA or ACT member £1250 +VAT Non-member £1450 +VAT Dates 28–29 April, London 10–11 November, London IIA CPD competency areas covered International professional practices framework Business processes & project management Book YOUR PLACE at www.iia.org.uk/courses/atf Auditing specialist topics Auditing culture NE W Auditing specialist topics Auditing the human resources function NE W Risk and control issues are increasingly attributed to cultural weaknesses – especially in the financial services sector. In addition, internal auditors are now being asked to comment on the culture of the departments and organisations they audit. This course will examine what we mean by culture and how to approach a cultural audit. It may be a cliché but people are regularly described as an organisation’s greatest asset. Considerable energy and resources are invested in developing HR strategies, processes and services. This course will show you how to provide effective, professional insight and internal audit assurance over this important area. Who should attend? Who should attend? Heads of internal audit and audit managers. What will I learn? Upon completion you will be able to: • understand the key elements of culture and the different methodology use to assess this • understand the difficulties in any assessment methodology including issues around subcultures and behaviours • consider the way culture interacts with other governance, risk, assurance and compliance processes • understand the different ways to approach a cultural audit • understand robust ways to think about culture when auditing other matters • understand latest guidance from the FCA on this topic. Course programme • d efinitions and models of culture • sub-cultures – country cultures and behaviours • differences between the espoused and real culture – understanding defensive routines • what can and cannot be inferred from staff surveys • the psychology of decision making and how this may be influencing culture • g roup dynamics and politics • models of organisational effectiveness that can be used as a way of approaching cultural issues • recognising the limits of internal audit in this area • practical ways to begin auditing culture. Presented by James Paterson PIIA, Director Risk & Assurance Insights Ltd Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Dates 27 March, London 25 September, London IIA CPD competency areas covered Risk & control Internal environment Book YOUR PLACE at www.iia.org.uk/courses/ac The course is open to all. What will I learn? Upon completion you will be able to: • u nderstand the role and importance of a modern HR function and how it should support the achievement of organisational objectives and strategy • r ecognise the objectives of HR and its key activities • identify and assess risk and appropriate mitigation associated with the HR function from an internal audit perspective • d eliver professional insight and internal audit assurance over HR and its service delivery • k now where to obtain additional resources to help you audit HR in your organisation more effectively. Course programme • b ackground to HR management • importance of effective HR to all organisations, irrespective of sector • objectives of organisational HR activity • range of services delivered by modern HR functions • alternate HR strategies available to organisations • r isks associated with the HR function and HR service delivery and options for risk mitigation • t opical HR issues and developments facing organisations and the HR profession • common problems and practical issues faced when auditing HR. Presented by John Chesshire CFIIA CISA Duration One day Fees IIA member £475 +VAT Non-member £675 +VAT Date 19 November, London IIA CPD competency areas covered International professional practices framework Risk & control Internal environment Book YOUR PLACE at www.iia.org.uk/courses/ahr Training courses for internal auditors 2014 | Page 39 IT audit Introduction to information systems auditing If you haven’t conducted an IT audit before, or you’ve only been involved in a few IT audits, then this course is the ideal starting point for you. It aligns to the latest standards and best practice approaches and is updated each year to keep pace with emerging technology. The course will enable you to confidently perform a review of the impact of technology on your organisation. Who should attend? This course is open to all. What will I learn? Upon completion you will be able to: • understand relevant best practices • identify laws, risks and controls that impact an organisation’s information processing • perform reviews of live application systems • perform reviews of systems under development • review information security policies and physical security within the organisation • review contingency and business resumption plans • review logical security • perform elementary network reviews. Physical security • review the key issues. Logical security • logical access control – concepts • identification, authentication, authorisation and logging • passwords – the downside • permissions • event logging – journals – trails • access reviews. Contingency and disaster avoidance • determining the range of services and their priority • third party options • maintaining the plan. Networks • network terminology – short and long haul • network diagrams – contextual, logical, physical • LAN – local area networks • WAN – wide area networks • key network risks • network management • monitoring and control – the auditor’s perspective. Course programme Presented by Working to best practices • backdrop to IT auditing and audit roles • governance: ISO/IEC 38500:2008 and COBIT • Computer Misuse Act, Data Protection Act, Copyright and Patents Act, Freedom of Information Act, Regulations of Investigatory Powers Act, Electronic Communications Act 2000. Stan Dormer CFIIA, MindGrove Ltd Risks associated with systems • IT risks – confidentiality, availability, integrity and accountability • auditing existing systems – risk based approach • applications and key controls • new controls made available through technology. Auditing new systems and developments • software procurement • systems development life cycle (SDLC) • rapid application development – RAD • change control. Duration Four days Fees IIA member £1590 +VAT Non-member £1790 +VAT Dates 18–21 March, London 21–24 October, London IIA CPD competency areas covered International professional practices framework Quality & control Auditing the building blocks of IT control • best practices and standards for service delivery • ITIL v2, ITIL v3 and ISO/IEC 20000 • ISO/IEC 27001 and ISO/IEC 27002. Information security and acceptable use policies • top management commitment • creating a security policy. Book YOUR PLACE at www.iia.org.uk/courses/iisa Page 40 | Training courses for internal auditors 2014 NE W IT audit Auditing networked systems Networks are the lifeblood of modern businesses and an assumption is often made that, because they are complex, specialised IT auditors are required to review them. This course will ease you through the terminology and technology barriers and show you strategies you can deploy to help your organisation reduce the risks posed by corporate networks. Who should attend? This course is open to all. What will I learn? Upon completion you will be able to: • demonstrate an understanding of the component parts of network based systems • describe risks and controls associated with common networking strategies • audit data flowing over networks and evaluate the risks to do with networking • understand better how to deal with emerging network technologies. Course programme Network terminology and hardware • load balancing devices – issues and risks • web servers with caching – issues and risks • routing – issues and risks • network admission control • firewalls and firewall – issues and risks • unwired networks – issues and risks • auditing infrastructures – a data path approach. Network issues and auditing • simple security reviews using test tools • checking your website – simple vulnerability mapping • understanding infrastructure maps, diagrams and models • mapping risks by examining interactions between devices • one-way data flow – issues and risks • two-way data flow – issues and risks • three-way data flow – issues and risks • auditing networks services using a risk based approach. Network control • a uthentication strategies for screening parties – unilateral and bilateral approaches • c ookie strategies • s afe delivery and control of sensitive or private data • d ata loss prevention software • integrity preservation controls • p ublic key cryptography and digital certificates • S SL to protect bilateral remote exchange • a uditing network controls – a mapped approach • S ANS top twenty controls. Presented by Stan Dormer CFIIA, MindGrove Ltd Duration Two days Fees IIA member £895 +VAT Non-member £1095 +VAT Dates 23–24 June, London 9–10 December, London IIA CPD competency areas covered Information technology Risk & control Data collection & analysis Book YOUR PLACE at www.iia.org.uk/courses/ans Training courses for internal auditors 2014 | Page 41 IT audit Advanced information systems auditing IT knowledge expires quickly and so developing your expertise in IT audit can be challenging. This course will lift your understanding of IT audit approaches, tools and strategies. It will enable you to perform effective audits of complex working environments and tackle other complex issues such as how your infrastructure should be hardened and controlled. System objects and their interaction • security reference monitor – the moderator between objects. ITSEC policy • registration, identification, authentication, authorisation and logging • permissions and least rights rules • role-based access control. Internal auditors with at least six months experience in IT auditing. Data control – detective processes • event auditing • effective capture, viewing and retention. What will I learn? Presented by Upon completion you will be able to: • understand the process of hardening systems and be able to evaluate vulnerability, patch and fix regimes • d eploy analytical software products and techniques to locate or evaluate system weaknesses • analyse and evaluate critical preventative and directive control processes within systems • analyse and evaluate control trails and event logs. Stan Dormer CFIIA, MindGrove Ltd Course programme Dates Can systems be secure? • formal mandated security in systems. 21–23 July, London Who should attend? Hardening systems – preventing and detective measures • hardening of key software – the process • configuring applications/services • configuring server side applets/scripts • configuring the user community • patching and fixing systems as part of IT support. Duration Three days Fees IIA member £1290 +VAT Non-member £1490 +VAT IIA CPD competency areas covered Quality & control Risk & control Tools and strategies for auditors • validation of security in systems – the process • verification of build • inventory, software base and licensing • is your organisation configuring best practice security? • locating weaknesses in applications – tools and technique • automated exploit testing – tools and technique • penetration testing and penetration testing contracts. Data control – preventative and directive processes • the big three – confidentiality, integrity and accountability • identifying data domains – domain based planning • deliver assurance between domains – the approach • identifying and defining data assets and ownership • reviewing the inter-domain interfaces for hazards and risks • d etermine inter-domain data asset protection requirements – define protection attributes • documentation of control architecture. Book YOUR PLACE at www.iia.org.uk/courses/aisa Page 42 | Training courses for internal auditors 2014 HOW TO BOOK All our training courses can be booked online. Our website has full details including dates, venue details and tutor profiles. Visit www.iia.org.uk/courses Contact us If you have any questions about the suitability of a course please give us a call. We’d also be delighted to discuss your in-house training requirements. Call the training team on 020 7498 0101 Email [email protected] Course details are correct at the time of going to press. We reserve the right to cancel or modify the programme at any time. Please check our website for current details at www.iia.org.uk/courses. For terms and conditions visit www.iia.org.uk/terms. Training courses for internal auditors 2014 | Page 43 About the Chartered Institute of Internal Auditors First established in 1948, we obtained our Royal Charter in 2010. We are the only professional body dedicated exclusively to training, supporting and representing internal auditors in the UK and Ireland. We have approximately 8,000 members in all sectors of the economy including private companies, government departments, utilities, voluntary sector organisations, local authorities and public service organisations such as the National Health Service. Members of the Chartered Institute of Internal Auditors are part of a global network of 180,000 members in 190 countries. All members across the globe work to the same International Standards and Code of Ethics. Over 2,000 members of the institute are Chartered Internal Auditors and have earned the designation CMIIA. 800 of our members hold the position of head of internal audit and most FTSE 100 companies are represented amongst the institute’s membership. Chartered Institute of Internal Auditors 13 Abbeville Mews 88 Clapham Park Road London SW4 7BX tel 020 7498 0101 email [email protected] Find us at www.iia.org.uk and also here: @CharteredIIA CharteredIIA © December 2013 Chartered Institute of Internal Auditors